Class CrlfResponseFilter

  • All Implemented Interfaces:

    public class CrlfResponseFilter
    extends java.lang.Object
    implements javax.servlet.Filter
    Centralized configuration of http response to avoid security issues. Fix: CWE-113 : Improper Neutralization of CRLF sequences in HTTP Headers (‘HTTP Response splitting’) When and why it’s happens? 1.While entering an data in an web application through an untrusted source, most frequently an HTTP requests. 2.This data’s is included in an HTTP response header and again sent to an user without being validated for malicious character (CRLF). Impact: An hacker might able to perform cross site scripting, phishing and cache poisoning attacks. The request sent by the hacker can be cached and displayed to all the user of the website. An final result, he can able to steal an sensitive data and attack an users by using the data. To enable this filter, add (if not already) the following <filter> declaration to WEB-INF/web.xml:
     <web-app ...>
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void destroy()  
      void doFilter​(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)  
      static boolean getIsRemoveCrlf()  
      void init​(javax.servlet.FilterConfig filterConfig)  
      static void setIsRemoveCrlf​(boolean enableRemoveCrlf)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • CrlfResponseFilter

        public CrlfResponseFilter()
    • Method Detail

      • init

        public void init​(javax.servlet.FilterConfig filterConfig)
                  throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
        Specified by:
        doFilter in interface javax.servlet.Filter
      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter
      • setIsRemoveCrlf

        public static void setIsRemoveCrlf​(boolean enableRemoveCrlf)
      • getIsRemoveCrlf

        public static boolean getIsRemoveCrlf()